1. Method, system, network and computer program product for securing administrative transactions over a network
    Type: Granted invention patent
    Status: In force

    Publication number: US07636848B2

    Publication date: 2009-12-22

    Application number: US10580438

    Filing date: 2003-11-27

    IPC classification: H04L9/32 H04L29/06 G06F7/04

    Abstract: Communication between an administrator device and an administered device in a network is arranged as a chain of digitally signed communication items, including messages sent from an originator device to a recipient device. Each message has an associated digitally signed receipt, and the originator device is configured not to send a new item toward the recipient device until it holds the digitally signed receipt for the previously sent item. At least one, and preferably both, of the administrator device and the administered device stores a history record of the communication items exchanged between them. The history record is agreed upon and signed by both the administrator device and the administered device.


2. Method and system for protecting data, related communication network and computer program product
    Type: Granted invention patent
    Status: In force

    Publication number: US07844834B2

    Publication date: 2010-11-30

    Application number: US10584912

    Filing date: 2003-12-30

    Abstract: A method for securely storing at least one private information item of a user, such as a private key for cipher processing, includes the steps of: providing a communication network in which the user is allotted a respective subscriber identity module, the subscriber identity module storing at least one security algorithm; producing a cipher key via the at least one security algorithm; and providing a remote storage location, accessible to the user via the communication network, in which the user's private information items are stored as files encrypted under the cipher key.


3. Method and system for a secure connection in communication networks
    Type: Granted invention patent
    Status: In force

    Publication number: US08296825B2

    Publication date: 2012-10-23

    Application number: US11597832

    Filing date: 2004-05-31

    IPC classification: G06F7/04 G06F15/16

    Abstract: A system for enabling a user to communicate on a virtual private network through a public communication network, where the ability to communicate on the private network depends on the user having available at least one enabling credential, sent to the user in encrypted form. The system includes at least one SIM type module available to the user and bearing an encryption mechanism, and it is configured to decrypt the enabling credential at the user's side by exploiting the encryption mechanism borne by the SIM type module, the SIM type module being able to interact with at least one additional communication network to activate the encryption mechanism.


4. Method and system for the cipher key controlled exploitation of data resources, related network and computer program products
    Type: Granted invention patent
    Status: In force

    Publication number: US07913096B2

    Publication date: 2011-03-22

    Application number: US10584864

    Filing date: 2003-12-30

    CPC classification: G06F21/6245 G06F2221/2153

    Abstract: An arrangement for the cipher-controlled exploitation of data resources (e.g., securely storing and retrieving sensitive data, or securely registering and logging on to a computer system) includes the steps of: providing a subscriber identity module carrying a security algorithm; generating at least one, e.g., two, random values; subjecting the random values to the at least one security algorithm to generate at least one, e.g., two, session keys; processing the session keys via a mixer function, such as a hash function, to produce a cipher key; and using the cipher key thus produced to exploit the data resources.


5. Method and system for protecting information exchanged during communication between users
    Type: Granted invention patent
    Status: In force

    Publication number: US08458468B2

    Publication date: 2013-06-04

    Application number: US11630436

    Filing date: 2004-06-25

    IPC classification: G06F21/00

    Abstract: A system includes a sending terminal and at least one receiving terminal, the terminals being capable of connecting to a communication network for transmitting an information item from the sending terminal to the at least one receiving terminal. The sending terminal is linked via a secure channel to a unit adapted to encrypt sensitive data using a first encryption/decryption mechanism, the sensitive data being used to protect the information item. The at least one receiving terminal is capable of interacting with a SIM module storing a second encryption/decryption mechanism, identical to the first encryption/decryption mechanism, for decrypting the sensitive data.


6. Group signature scheme with improved efficiency, in particular in a join procedure
    Type: Granted invention patent
    Status: In force

    Publication number: US08245047B2

    Publication date: 2012-08-14

    Application number: US12086688

    Filing date: 2005-12-19

    IPC classification: H04L29/06

    Abstract: A method for managing a group signature scheme includes, in a setup procedure for group initialization, generating a group public key by a group manager. In a join procedure, by which the group manager adds a new member to the group, the method includes: generating user information by the new member and providing the generated user information to the group manager; computing, by the group manager, membership information for the new member based on the user information received from the new member and on the group public key; and providing the computed membership information to the new member. In particular, the membership information is computed by the group manager as a function of the inverse of a given hash function of the user information. In a signing procedure, by which a group member signs a message on behalf of the group, the method includes the group member using the membership information and the user information. The method further includes the use of digital certificates, so that the group member can prove to the group manager possession of said user information.


7. Group Signature Scheme With Improved Efficiency, in Particular in a Join Procedure
    Type: Invention patent application
    Status: In force

    Publication number: US20090222668A1

    Publication date: 2009-09-03

    Application number: US12086688

    Filing date: 2005-12-19

    IPC classification: H04L9/32 H04L9/08 H04L9/14

    Abstract: A method for managing a group signature scheme includes, in a setup procedure for group initialization, generating a group public key by a group manager. In a join procedure, by which the group manager adds a new member to the group, the method includes: generating user information by the new member and providing the generated user information to the group manager; computing, by the group manager, membership information for the new member based on the user information received from the new member and on the group public key; and providing the computed membership information to the new member. In particular, the membership information is computed by the group manager as a function of the inverse of a given hash function of the user information. In a signing procedure, by which a group member signs a message on behalf of the group, the method includes the group member using the membership information and the user information. The method further includes the use of digital certificates, so that the group member can prove to the group manager possession of said user information.


8. Method, system, network and computer program product for securing administrative transactions over a network
    Type: Invention patent application
    Status: In force

    Publication number: US20070071241A1

    Publication date: 2007-03-29

    Application number: US10580438

    Filing date: 2003-11-27

    IPC classification: H04K1/00

    Abstract: Communication between an administrator device and an administered device in a network is arranged as a chain of digitally signed communication items, including messages sent from an originator device to a recipient device. Each message has an associated digitally signed receipt, and the originator device is configured not to send a new item toward the recipient device until it holds the digitally signed receipt for the previously sent item. At least one, and preferably both, of the administrator device and the administered device stores a history record of the communication items exchanged between them. The history record is agreed upon and signed by both the administrator device and the administered device.


9. System for enforcing security policies on mobile communications devices
    Type: Granted invention patent
    Status: In force

    Publication number: US08413209B2

    Publication date: 2013-04-02

    Application number: US12225685

    Filing date: 2006-03-27

    IPC classification: G06F17/00

    Abstract: A system for enforcing security policies on mobile communications devices is adapted for use in a mobile communications network in operative association with a subscriber identity module. The system has a client-server architecture and includes a server operated by a mobile communications network operator and a client resident on the mobile communications device on which security policies are to be enforced. The server is adapted to determine the security policies to be applied on said mobile communications device and to send a security policy to be applied to it. The client is adapted to receive the security policy to be applied from the server and to apply the received security policy. The server includes a server authentication function adapted to authenticate the security policy to be sent to the mobile communications device; the client is further adapted to assess the authenticity of the security policy received from the server by exploiting a client authentication function resident on the subscriber identity module.


10. Method for Increasing Security in a Passive Optical Network
    Type: Invention patent application
    Status: In force

    Publication number: US20110214160A1

    Publication date: 2011-09-01

    Application number: US13127404

    Filing date: 2008-11-03

    IPC classification: G06F21/00

    Abstract: A method for security in a passive optical network is disclosed. The method includes, at an optical line termination (OLT): detecting an optical termination device and establishing a connection with the device; generating a first authentication message including a first random number; and transmitting the first authentication message through the established connection. At the optical termination device, the method may include: receiving the first authentication message; calculating a first authentication code using the first random number and a secret code stored at the device; and generating and transmitting to the OLT a second authentication message including the first authentication code. The method may further include, at the OLT: receiving the second authentication message; calculating a second authentication code using the first random number and a secret code stored at the OLT; and authenticating the optical termination device if the first authentication code matches the second authentication code.
